Lucene search
K

28 matches found

RedHat Linux
RedHat Linux
added 2015/12/16 6:19 p.m.5 views

httpd: bypass of mod_headers rules via chunked requests

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...

5CVSS6.6AI score0.60205EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2015/12/16 6:19 p.m.4 views

httpd: bypass of mod_headers rules via chunked requests

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...

5CVSS6.6AI score0.60205EPSS
Exploits2References4
OSV
OSV
added 2015/04/10 12:24 p.m.8 views

SUSE-SU-2015:0974-1 Security update for apache2

Apache2 updated to fix four security issues and one non-security bug. The following vulnerabilities have been fixed: - modheaders rules could be bypassed via chunked requests. Adds 'MergeTrailers' directive to restore legacy behavior. bsc871310, CVE-2013-5704 - An empty value in Content-Type coul...

5CVSS5.6AI score0.60205EPSS
Exploits2References11
OSV
OSV
added 2015/03/10 2:49 p.m.6 views

USN-2523-1 apache2 vulnerabilities

Martin Holst Swende discovered that the modheaders module allowed HTTP trailers to replace HTTP headers during request processing. A remote attacker could possibly use this issue to bypass RequestHeaders directives. CVE-2013-5704 Mark Montague discovered that the modcache module incorrectly handl...

5CVSS6.7AI score0.60205EPSS
Exploits2References6
RedHat Linux
RedHat Linux
added 2015/03/05 6:59 a.m.8 views

httpd: bypass of mod_headers rules via chunked requests

A flaw was found in the way httpd handled HTTP Trailer headers when processing requests using chunked encoding. A malicious client could use Trailer headers to set additional HTTP headers after header processing was performed by other modules. This could, for example, lead to a bypass of header...

5CVSS6.6AI score0.60205EPSS
Exploits2References4
OSV
OSV
added 2014/12/13 8:16 p.m.8 views

MGASA-2014-0527 Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: A NULL pointer dereference flaw was found in the way the modcache httpd module handled Content-Type headers. A malicious HTTP server could cause the httpd child process to crash when the Apache HTTP server was configured to proxy to a server...

5.4CVSS4.6AI score0.13451EPSS
Exploits0References4
OSV
OSV
added 2014/04/15 12:0 a.m.4 views

UBUNTU-CVE-2013-5704

The modheaders module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass "RequestHeader unset" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states "this is not a security issue in httpd as such."...

5CVSS6.5AI score0.60205EPSS
Exploits2References6
Japan Vulnerability Notes
Japan Vulnerability Notes
added 2011/06/29 8:54 a.m.5 views

Header Customization by Hitachi Web Server RequetHeader Directive Could Allow Attacker to Access Data Deleted from Memory

Overview When using the header customization function through the RequestHeader directive of Hitachi Web Server, if the RequestHeader directive is defined and the modheaders module is being used through the LoadModule directive, it could allow an attacker to gain access to the data that have been...

5.1CVSS8.9AI score0.18443EPSS
Exploits2References4
Rows per page
Query Builder